<?php
require 'config.php';
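// Admin user-management dispatcher. The `a` query parameter selects the action:
// enable/disable a user, log out, add, delete, edit or search. `$link` is the
// mysqli connection that config.php is expected to provide.
//
// What this version does about request data:
//   * every request value reaches SQL through a bound parameter, never by
//     string interpolation;
//   * every request value echoed into a <script> redirect is URL-encoded and
//     emitted as a JSON-escaped string literal, so it cannot leave the string.
//
// NOTE(review): the points below need changes outside this file and are only flagged:
//   * The caller's role is read from the `auth` cookie (and, for search, from
//     the `auth` POST field). Both are client-controlled, so they are not
//     proof of privilege. The role should come from server-side session state.
//   * The enable/disable and delete actions perform no role check at all, and
//     'edit' rejects only the literal role '管理员' (a missing cookie passes).
//   * State-changing actions arrive as GET requests without a CSRF token.
//   * Passwords are stored exactly as submitted. Moving to password_hash() /
//     password_verify() has to be coordinated with the login code.

// Returns a request value as a string; missing keys and array values become ''.
$readParam = function (array $source, $key) {
    return (isset($source[$key]) && is_scalar($source[$key])) ? (string) $source[$key] : '';
};

// Returns the value as an int, or false when it is not a plain integer.
$readId = function ($value) {
    return filter_var($value, FILTER_VALIDATE_INT);
};

// Encodes a value as a JavaScript string literal that is safe inside <script>.
$jsString = function ($value) {
    return json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
};

// Prepares, binds and executes a statement; returns the statement or false on failure.
$runStatement = function ($sql, $types, array $params) use ($link) {
    try {
        $stmt = mysqli_prepare($link, $sql);
        if ($stmt === false) {
            return false;
        }
        // mysqli_stmt_bind_param() takes its values by reference.
        $bindArgs = array($stmt, $types);
        foreach (array_keys($params) as $i) {
            $bindArgs[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bindArgs);
        if (!mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return false;
        }
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw; treat it like any other failed query.
        error_log('user action query failed: ' . $e->getMessage());
        return false;
    }
};

// Runs a write statement and returns the affected-row count, or -1 on failure.
$affectedRows = function ($sql, $types, array $params) use ($runStatement) {
    $stmt = $runStatement($sql, $types, $params);
    if ($stmt === false) {
        return -1;
    }
    $count = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $count;
};

// Runs a select and reports whether it produced at least one row.
$rowExists = function ($sql, $types, array $params) use ($runStatement) {
    $stmt = $runStatement($sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
};

$action = $readParam($_GET, 'a');

switch ($action) {
    // Disable ('jin', 'fen_jin') or enable ('kai', 'fen_kai') a user. The
    // 'fen_' variants also carry the active search term back to the list.
    // The original 'fen_jin' case had no break and fell through into
    // 'fen_kai' after closing the connection; handling all four in one
    // branch removes that fall-through.
    case 'jin':
    case 'kai':
    case 'fen_jin':
    case 'fen_kai':
        $enabling = ($action === 'kai' || $action === 'fen_kai');
        $id = $readId($readParam($_GET, 'id'));
        if ($id !== false
            && $affectedRows('update user set status = ? where id = ?', 'ii', array($enabling ? 1 : 0, $id)) > 0
        ) {
            $target = 'user.php?p=' . rawurlencode($readParam($_GET, 'p'));
            if ($action === 'fen_jin' || $action === 'fen_kai') {
                $target .= '&search=' . rawurlencode($readParam($_GET, 'search'));
            }
            $message = $enabling ? '开启成功' : '禁用成功';
            echo "<script>alert('" . $message . "');window.location.href=" . $jsString($target) . ";</script>";
            die;
        }
        break;

    // Log out: record the logout time, then expire the cookies.
    case 'exit':
        $time = date('Y-m-d H:i:s');
        $uname = $readParam($_COOKIE, 'uname');
        // Best effort only. The original cleared the cookies only when this
        // update changed a row, so an unknown user name or a repeated
        // timestamp left the user logged in.
        $affectedRows('update user set lastlogin = ? where userName = ?', 'ss', array($time, $uname));
        setcookie('uname', '', time() - 1, '/');
        setcookie('auth', '', time() - 1, '/');
        echo "<script>alert('退出成功');window.location.href='../index.php';</script>";
        die;

    // Create a user. 'add' redirects after each message, 'add_list' only alerts.
    case 'add':
    case 'add_list':
        $redirects = ($action === 'add');
        $reply = function ($message, $target) use ($redirects) {
            $js = "alert('" . $message . "');";
            if ($redirects) {
                $js .= "window.location.href='" . $target . "';";
            }
            return '<script>' . $js . '</script>';
        };

        // NOTE(review): the role comes from a client-set cookie; see file header.
        $isSuperAdmin = ($readParam($_COOKIE, 'auth') === '超级管理员');
        $uname = $readParam($_POST, 'uname');
        $pwd = $readParam($_POST, 'pwd');
        $level = $readParam($_POST, 'level');

        // NOTE(review): loose numeric comparison on a request string, kept
        // as in the original; confirm which level values are valid.
        if (!$isSuperAdmin && $level >= 2) {
            echo $reply('你的权限不够', 'add.php');
            break;
        }
        if (empty($uname) || empty($pwd)) {
            echo $reply('内容不能为空', 'add.php');
            die;
        }

        // NOTE(review): the two inserts supply a different number of values
        // (7 vs 6), as in the original; one of them presumably does not match
        // the table and always fails. Confirm against the schema.
        // NOTE(review): $pwd is stored as submitted; see file header.
        $sql = $isSuperAdmin
            ? "insert into user values(null,?,?,?,1,'','')"
            : "insert into user values(null,?,?,?,1,'')";
        if ($affectedRows($sql, 'sss', array($uname, $pwd, $level)) > 0) {
            echo $reply('添加成功', 'user.php');
        } else {
            echo $reply('用户名重复', 'user.php');
        }
        die;

    // Delete a user by id.
    case 'del':
        $id = $readId($readParam($_GET, 'id'));
        if ($id !== false && $affectedRows('delete from user where id = ?', 'i', array($id)) > 0) {
            $target = 'user.php?p=' . rawurlencode($readParam($_GET, 'p'));
            echo "<script>alert('删除成功');window.location.href=" . $jsString($target) . ";</script>";
            die;
        }
        break;

    // Change a user's password and role.
    case 'edit':
        $pwd = $readParam($_POST, 'pwd');
        if (empty($pwd)) {
            echo "<script>alert('内容不能为空');window.location.href='user.php';</script>";
            die;
        }
        // NOTE(review): client-set cookie, and only one role is rejected; see file header.
        if ($readParam($_COOKIE, 'auth') === '管理员') {
            echo "<script>alert('权限不够');window.location.href='user.php';</script>";
            die;
        }
        $id = $readId($readParam($_POST, 'id'));
        $select = $readParam($_POST, 'select');
        $changed = ($id === false)
            ? -1
            : $affectedRows('update user set password = ?,auth = ? where id = ?', 'ssi', array($pwd, $select, $id));
        if ($changed > 0) {
            echo "<script>alert('修改成功');window.location.href='user.php';</script>";
        } else {
            echo "<script>alert('修改失败');window.location.href='user.php';</script>";
        }
        die;

    // Check that a matching user exists, then hand the search term to user.php.
    case 'search':
        $name = $readParam($_POST, 'name');
        if (empty($name)) {
            echo "<script>window.location.href='user.php?search='</script>";
            die;
        }
        // NOTE(review): the visibility ceiling is chosen from a POST field the
        // client controls; see file header.
        $ceiling = ($readParam($_POST, 'auth') === '管理员') ? 2 : 3;
        // LIKE wildcards in $name are not escaped, matching the original.
        $found = $rowExists(
            'select id from user where auth < ? and userName like ? limit 1',
            'is',
            array($ceiling, '%' . $name . '%')
        );
        if ($found) {
            $target = 'user.php?search=' . rawurlencode($name);
            echo '<script>window.location.href=' . $jsString($target) . '</script>';
        } else {
            echo "<script>alert('用户不存在');window.location.href='user.php?search=';</script>";
        }
        die;

    default:
        echo "<script>alert('什么鬼');window.location.href='index.php';</script>";
        die;
}

// Only reached by actions that finished without sending a response.
mysqli_close($link);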

